Start Facet Job

POST {{cb_url}}/api/investigate/v2/orgs/{{cb_org_key}}/observations/facet_jobs

Creates an observations facet job. The results for the facet job may be requested using the job ID (job_id) returned in the response. This route will not request processes.

RBAC Permissions Required

Permission (.notation name)    Operation(s)
org.search.events              READ, CREATE

Request Schema

{
    "criteria": "",
    "exclusions": "",
    "query": "",
    "ranges": [
        {
            "bucket_size": "",
            "end": "",
            "field": "",
            "start": ""
        }
    ],
    "terms": {
        "fields": [
            ""
        ],
        "rows": ""
    },
    "time_range": {
        "end": "",
        "start": "",
        "window": ""
    }
}

Request Body

{
    "criteria": {
        "device_name": ["Win7x64"]
    },
    "query": "process_name:svchost.exe",
    "ranges": [
        {
            "bucket_size": "+12HOUR",
            "end": "2020-08-05T08:01:32.077Z",
            "field": "device_timestamp",
            "start": "2020-08-04T08:01:32.077Z"
        }
    ],
    "terms": {
        "fields": ["process_username"],
        "rows": 100
    },
    "time_range": {
        "end": "2020-08-05T08:01:32.077Z",
        "start": "2020-08-04T08:01:32.077Z"
    }
}

RESPONSES

status: OK

{"job_id":"617e9309-0e8a-4163-a61f-47311ddc132a"}
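An added client example (not the vendor's code) that builds the request body shown above, submits the facet job and polls for its results. It assumes CBC_URL, ORG_KEY, API_ID and API_SECRET_KEY are set in the environment, that results are read from .../facet_jobs/{job_id}/results, and that the results carry "contacted"/"completed" counters; none of those three are shown on this page.

```python
import json
import os
import time
import urllib.request


def build_facet_request(device_name, query, start, end, facet_field,
                        bucket_size="+12HOUR", rows=100):
    """Body for POST .../observations/facet_jobs: the facet range is
    bucketed on device_timestamp over the same window as time_range."""
    if start >= end:
        raise ValueError("time_range start must precede end")
    return {
        "criteria": {"device_name": [device_name]},
        "query": query,
        "ranges": [{"bucket_size": bucket_size, "end": end,
                    "field": "device_timestamp", "start": start}],
        "terms": {"fields": [facet_field], "rows": rows},
        "time_range": {"end": end, "start": start},
    }


def parse_job_id(response_text):
    """Return job_id from the facet_jobs response, or raise if absent."""
    job_id = json.loads(response_text).get("job_id")
    if not job_id:
        raise ValueError("facet job response carried no job_id")
    return job_id


def _cbc_request(method, url, body=None):
    # CBC API keys authenticate with X-Auth-Token: "<secret key>/<api id>".
    headers = {"X-Auth-Token": f"{os.environ['API_SECRET_KEY']}/{os.environ['API_ID']}",
               "Content-Type": "application/json"}
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().decode()


def run_facet_job(body, poll_seconds=2, max_polls=30):
    base = (f"{os.environ['CBC_URL']}/api/investigate/v2/orgs/"
            f"{os.environ['ORG_KEY']}/observations/facet_jobs")
    job_id = parse_job_id(_cbc_request("POST", base, body))
    for _ in range(max_polls):
        # Assumed results endpoint; the job is done once contacted == completed.
        results = json.loads(_cbc_request("GET", f"{base}/{job_id}/results"))
        if results.get("contacted") and results["contacted"] == results.get("completed"):
            return results
        time.sleep(poll_seconds)
    raise TimeoutError(f"facet job {job_id} did not complete")


if __name__ == "__main__":
    body = build_facet_request("Win7x64", "process_name:svchost.exe",
                               "2020-08-04T08:01:32.077Z", "2020-08-05T08:01:32.077Z",
                               "process_username")
    print(json.dumps(run_facet_job(body), indent=2))
```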